strrat | 5d30b7b16031ee4e7067544bfd46679ed779acff08d7b9f149a088157ac99c0c | Triage

Submit
Reports

Overview

overview

Static

static

1

3aa4075925...1d.jar

windows7-x64

1

3aa4075925...1d.jar

windows10-2004-x64

Sharing

General

Target

3a8408bd24e0c03eff82e67943d10f23.bin
Size

475KB
Sample

240609-b8tl9ace32
MD5

95da747036b8a3d53c23d03379accc11
SHA1

fb0b3b8faf4f177f56ec250c5864ea6ed7895612
SHA256

5d30b7b16031ee4e7067544bfd46679ed779acff08d7b9f149a088157ac99c0c
SHA512

900c11d573be664182ccce01e37eb86b35708b597c3c8010b925f9e2f401ac44bda14412f16b358117cd35534a70a442a98306cf252f9ed58792f6c6b6265b1b
SSDEEP

12288:1FZkndXohxDmCJeDF7IDGgrlABf4073ZJVKTWHzXz0o4T8H:1Ed4DmCJiiDGgqBfh73HVKiBtH

Score

10^/10

strrat discovery persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

3aa407592573d9cdc3527c18d778d71b83dfbc9bc6b638f619229d9d8c51d61d.jar

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

3aa407592573d9cdc3527c18d778d71b83dfbc9bc6b638f619229d9d8c51d61d.jar

Resource

win10v2004-20240226-en

strrat discovery persistence stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  3aa407592573d9cdc3527c18d778d71b83dfbc9bc6b638f619229d9d8c51d61d.jar
- Size
  
  481KB
- MD5
  
  3a8408bd24e0c03eff82e67943d10f23
- SHA1
  
  15905ce2e7170b6dd2110d793820665a5d7ea1eb
- SHA256
  
  3aa407592573d9cdc3527c18d778d71b83dfbc9bc6b638f619229d9d8c51d61d
- SHA512
  
  46044d9727ae1ee10dd7f0aa108b3717cb2dccd995d505af115f35edb45b649a47533ccabd50d2a2c44d90a87ababc231e2acc01672dfe35f02eb7b739653d20
- SSDEEP
  
  12288:6tlWvKeQSPEUpTroRFoRb5h7BC2JBMct62xKcO:6fWvlvXoEtMM62S
Score

10^/10

strrat discovery persistence stealer trojan
- STRRAT
  STRRAT is a remote access tool than can steal credentials and log keystrokes.
  trojan stealer strrat
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

strratdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy